After years of being hamstrung by the threat of prosecution under the Computer Fraud and Abuse Act (CFAA), security researchers and hackers operating in good faith have gotten some relief after the U.S. Justice Department said it would not bring charges against them using the law.
The federal law had, at least theoretically, threatened researchers acting in good faith, even those who participate in bug bounty programs and who are some of the most creative, innovative minds in security.
“Researchers often complained that, even when firms have a coordinated disclosure or ‘bug bounty’ program, too much push-back or friction exists; they often feel slighted or pushed off,” said Archie Agarwal, founder and CEO, ThreatModeler. “Organizations, for their part, are often stuck when presented with a disclosure because the researcher found a fatal design flaw that will require months of concerted effort to mitigate—perhaps some researchers preferred such flaws would stay buried out of sight.”